DeFi News

CIP-86 Passed: CoW DAO Begins Compensation for April Attack

CoW DAO says the protocol was not hacked, but affected users will be compensated through a discretionary grants program starting May 21.

Written By:
Shubham Soni
CIP-86 Passed: CoW DAO Begins Compensation for April Attack
DeFi project CoW DAO takes steps to compensate users affected by the DNS hijacking incident.
The compensation plan highlights the industry’s growing focus on user protection and trust.
The incident underscores vulnerabilities in third-party infrastructure used by decentralized finance platforms.

CoW DAO, a DeFi project, today approved a compensation plan for users who lost funds during the April 14 DNS hijacking incident that redirected visitors to a phishing website for several hours.

The proposal, known as CIP-86, passed through the project’s governance process and authorizes discretionary grants to reimburse eligible users. Claims must be submitted by May 14, with payouts expected to begin on May 21 after a review and know-your-customer (KYC) process.

In a post on X, CoW DAO said the underlying protocol was never compromised but acknowledged that users were harmed during the incident. “Our protocol wasn’t hacked. But our users were hurt. That’s enough for us,” the team wrote.

DNS hijack led to phishing losses

The incident occurred on April 14 when attackers used social engineering tactics to gain control of CoW Swap’s domain registrar account. For approximately 4.5 hours, visitors to the official website were redirected to a malicious interface that prompted users to sign fraudulent transactions. Those approvals allowed attackers to drain funds from affected wallets.

CoW Protocol’s smart contracts and backend systems were not breached. The losses stemmed from users interacting with the spoofed website rather than any vulnerability in the protocol itself.

CIP-86 authorizes reimbursement

Following the incident, community members proposed CIP-86 to compensate impacted users despite the attack occurring outside the protocol’s smart contract infrastructure. The proposal has now passed, and CoW DAO will distribute discretionary grants from its treasury to eligible claimants.

The DAO said the decision reflects its commitment to maintaining trust with users, even when losses are caused by third-party infrastructure failures.

How to submit a claim

Users who were affected by the phishing attack must email help@cow.fi with the following details:

  • Impacted wallet address
  • List of affected assets
  • Transaction hashes
  • Full name

The email subject line should read: “Discretionary Grant Claim for CoW.Fi Domain Hijack Incident.” The deadline to submit claims is May 14, 2026.

Review and KYC process

CoW DAO has hired an external firm to conduct identity verification for eligible claimants.

Users whose submissions pass the initial review will receive a secure KYC link sent to the email address used to file their claim. The DAO said it will provide additional guidance about the verification emails to reduce the risk of follow-up phishing attempts.

Compensation timeline

  • May 14: Claim submission deadline
  • May 14–21: Claim review and KYC verification
  • May 21: Treasury begins issuing grants
  • May 31: Compensation program concludes

DAO says compensation is about user trust

CoW DAO emphasized that the reimbursement is voluntary and not an admission that the protocol itself was hacked.

By covering losses caused by the DNS hijack, the project is taking a similar approach to other crypto protocols that have compensated users after incidents involving front-end infrastructure rather than smart contract exploits. The compensation program is intended to close out the April attack and restore confidence among affected users.

Also Read: Huma Finance V1 Exploit on Polygon Drains $101K in USDC

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.
Google News Banner
TAGGED:
Share This Article
Shubham Soni Crypto Content Editor
By Shubham Soni
Follow:
Shubham Soni is a veteran content editor and journalist with over three years of experience leading digital editorial strategies across the U.S. and Indian markets. With a background in high-pressure newsrooms, Shubham specializes in the rigorous fact-checking, structural editing, and narrative development of complex news and explainers. Throughout his career at prominent digital publications like Sportskeeda and Opoyi, he has managed fast-paced desks covering global politics, sports, and entertainment. His expertise lies in transforming technical information into accessible, high-impact reporting while maintaining strict adherence to editorial ethics and accuracy. At The Crypto Times, Shubham oversees the editorial workflow, mentoring writers to ensure all cryptocurrency research and analysis meets the highest standards of clarity and journalistic integrity.

Latest News

CLARITY Act’s May 14 Senate Test What Happens Next
CLARITY Act’s May 14 Senate Test: What Happens Next?
CLARITY Act Final Text Expected Today After Grassley-Lummis Agreement
CLARITY Act Final Text Expected Today After Grassley-Lummis Agreement
Ondo Finance Surpasses $1B TVL in Tokenized Stocks and ETFs
Ondo Finance Surpasses $1B TVL in Tokenized Stocks and ETFs
Huma Finance V1 Exploit on Polygon Drains $101K in USDC
Huma Finance V1 Exploit on Polygon Drains $101K in USDC
Cosmos Hub Adopts Injective USDC as Primary Stablecoin
Cosmos Hub Adopts Injective USDC as Primary Stablecoin

Find Us on Socials

You may also like